General
-
Target
2024-12-24_18d2915796a2a13b16c8ec2aac386344_icedid_xmrig
-
Size
15.7MB
-
Sample
241224-2m8r6azlep
-
MD5
18d2915796a2a13b16c8ec2aac386344
-
SHA1
70cedd19d776c6ff69c08aa3c5bf97c7eff4f959
-
SHA256
df80913c97ccdb72060d61da5de9a7da5bf71094616274c9b491633e039b4a69
-
SHA512
237d3b206c3e34a320677fe3019f38bfcf7ad9bacb3ef2284e13ad05aba09cbc6844e54e11663f9020aeea333546033cc247b914cb2044e7ed2a6ad8859d5158
-
SSDEEP
196608:da9+6Y7SOEibgRHuGGBfWc1qfBGBfWAuQ/GBfW3uhyGr23Hr2327PVbDi4:dFgRiWcQfGWAuhW3uh8h3i4
Behavioral task
behavioral1
Sample
2024-12-24_18d2915796a2a13b16c8ec2aac386344_icedid_xmrig.exe
Resource
win7-20240729-en
Malware Config
Targets
-
-
Target
2024-12-24_18d2915796a2a13b16c8ec2aac386344_icedid_xmrig
-
Size
15.7MB
-
MD5
18d2915796a2a13b16c8ec2aac386344
-
SHA1
70cedd19d776c6ff69c08aa3c5bf97c7eff4f959
-
SHA256
df80913c97ccdb72060d61da5de9a7da5bf71094616274c9b491633e039b4a69
-
SHA512
237d3b206c3e34a320677fe3019f38bfcf7ad9bacb3ef2284e13ad05aba09cbc6844e54e11663f9020aeea333546033cc247b914cb2044e7ed2a6ad8859d5158
-
SSDEEP
196608:da9+6Y7SOEibgRHuGGBfWc1qfBGBfWAuQ/GBfW3uhyGr23Hr2327PVbDi4:dFgRiWcQfGWAuhW3uh8h3i4
-
Blackmoon family
-
Detect Blackmoon payload
-
Xmrig family
-
XMRig Miner payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1